Jump to content
Not connected, Your IP: 3.90.56.90
KrOSs

tls key negotation failed (Android)

Recommended Posts

Hi, i am having a tls key negotation problem with android, this is the log generated by Openvpn for android:

 

 

2014-06-19 23:22:35 Corriendo sobre GT-I9195 (MSM8960) samsung, API Android 19, versión 0.6.11, versión oficial

2014-06-19 23:22:38 Construyendo configuracion…
2014-06-19 23:22:40 started Socket Thread
2014-06-19 23:22:40 P:Initializing Google Breakpad!
2014-06-19 23:22:40 Current Parameter Settings:
2014-06-19 23:22:40   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-06-19 23:22:40   mode = 0
2014-06-19 23:22:40   show_ciphers = DISABLED
2014-06-19 23:22:40   show_digests = DISABLED
2014-06-19 23:22:40   show_engines = DISABLED
2014-06-19 23:22:40   genkey = DISABLED
2014-06-19 23:22:40   key_pass_file = '[uNDEF]'
2014-06-19 23:22:40   show_tls_ciphers = DISABLED
2014-06-19 23:22:40   connect_retry_max = 5
2014-06-19 23:22:40 Connection profiles [0]:
2014-06-19 23:22:40   proto = udp
2014-06-19 23:22:40   local = '[uNDEF]'
2014-06-19 23:22:40   local_port = '[uNDEF]'
2014-06-19 23:22:40   remote = '199.21.149.44'
2014-06-19 23:22:40   remote_port = '53'
2014-06-19 23:22:40   remote_float = DISABLED
2014-06-19 23:22:40   bind_defined = DISABLED
2014-06-19 23:22:40   bind_local = DISABLED
2014-06-19 23:22:40   bind_ipv6_only = DISABLED
2014-06-19 23:22:40   connect_retry_seconds = 5
2014-06-19 23:22:40   connect_timeout = 10
2014-06-19 23:22:40   socks_proxy_server = '[uNDEF]'
2014-06-19 23:22:40   socks_proxy_port = '[uNDEF]'
2014-06-19 23:22:40   socks_proxy_retry = DISABLED
2014-06-19 23:22:40   tun_mtu = 1500
2014-06-19 23:22:40   tun_mtu_defined = ENABLED
2014-06-19 23:22:40   link_mtu = 1500
2014-06-19 23:22:40   link_mtu_defined = DISABLED
2014-06-19 23:22:40   tun_mtu_extra = 0
2014-06-19 23:22:40   tun_mtu_extra_defined = DISABLED
2014-06-19 23:22:40   mtu_discover_type = -1
2014-06-19 23:22:40   fragment = 0
2014-06-19 23:22:40   mssfix = 1450
2014-06-19 23:22:40   explicit_exit_notification = 5
2014-06-19 23:22:40 Connection profiles END
2014-06-19 23:22:40   remote_random = DISABLED
2014-06-19 23:22:40   ipchange = '[uNDEF]'
2014-06-19 23:22:40   dev = 'tun'
2014-06-19 23:22:40   dev_type = '[uNDEF]'
2014-06-19 23:22:41   dev_node = '[uNDEF]'
2014-06-19 23:22:41   lladdr = '[uNDEF]'
2014-06-19 23:22:41   topology = 1
2014-06-19 23:22:41   tun_ipv6 = DISABLED
2014-06-19 23:22:41   ifconfig_local = '[uNDEF]'
2014-06-19 23:22:41   ifconfig_remote_netmask = '[uNDEF]'
2014-06-19 23:22:41   ifconfig_noexec = DISABLED
2014-06-19 23:22:41   ifconfig_nowarn = DISABLED
2014-06-19 23:22:41   ifconfig_ipv6_local = '[uNDEF]'
2014-06-19 23:22:41   ifconfig_ipv6_netbits = 0
2014-06-19 23:22:41   ifconfig_ipv6_remote = '[uNDEF]'
2014-06-19 23:22:41   shaper = 0
2014-06-19 23:22:41   mtu_test = 0
2014-06-19 23:22:41   mlock = DISABLED
2014-06-19 23:22:41   keepalive_ping = 0
2014-06-19 23:22:41   keepalive_timeout = 0
2014-06-19 23:22:41   inactivity_timeout = 0
2014-06-19 23:22:41   ping_send_timeout = 0
2014-06-19 23:22:41   ping_rec_timeout = 0
2014-06-19 23:22:41   ping_rec_timeout_action = 0
2014-06-19 23:22:41   ping_timer_remote = DISABLED
2014-06-19 23:22:41   remap_sigusr1 = 0
2014-06-19 23:22:41   persist_tun = ENABLED
2014-06-19 23:22:41   persist_local_ip = DISABLED
2014-06-19 23:22:41   persist_remote_ip = DISABLED
2014-06-19 23:22:41   persist_key = DISABLED
2014-06-19 23:22:41   passtos = DISABLED
2014-06-19 23:22:41   resolve_retry_seconds = 1000000000
2014-06-19 23:22:41   resolve_in_advance = ENABLED
2014-06-19 23:22:41   username = '[uNDEF]'
2014-06-19 23:22:41   groupname = '[uNDEF]'
2014-06-19 23:22:41   chroot_dir = '[uNDEF]'
2014-06-19 23:22:41   cd_dir = '[uNDEF]'
2014-06-19 23:22:41   writepid = '[uNDEF]'
2014-06-19 23:22:41   up_script = '[uNDEF]'
2014-06-19 23:22:41   down_script = '[uNDEF]'
2014-06-19 23:22:41   down_pre = DISABLED
2014-06-19 23:22:41   up_restart = DISABLED
2014-06-19 23:22:41   up_delay = DISABLED
2014-06-19 23:22:41   daemon = DISABLED
2014-06-19 23:22:41   inetd = 0
2014-06-19 23:22:41   log = DISABLED
2014-06-19 23:22:41   suppress_timestamps = DISABLED
2014-06-19 23:22:41   machine_readable_output = ENABLED
2014-06-19 23:22:41   nice = 0
2014-06-19 23:22:41   verbosity = 4
2014-06-19 23:22:41   mute = 0
2014-06-19 23:22:41   gremlin = 0
2014-06-19 23:22:41   status_file = '[uNDEF]'
2014-06-19 23:22:41   status_file_version = 1
2014-06-19 23:22:41   status_file_update_freq = 60
2014-06-19 23:22:41   occ = ENABLED
2014-06-19 23:22:41   rcvbuf = 65536
2014-06-19 23:22:41   sndbuf = 65536
2014-06-19 23:22:41   sockflags = 0
2014-06-19 23:22:41   fast_io = DISABLED
2014-06-19 23:22:41   comp.alg = 2
2014-06-19 23:22:41   comp.flags = 1
2014-06-19 23:22:41   route_script = '[uNDEF]'
2014-06-19 23:22:41   route_default_gateway = '[uNDEF]'
2014-06-19 23:22:41   route_default_metric = 0
2014-06-19 23:22:41   route_noexec = DISABLED
2014-06-19 23:22:41   route_delay = 0
2014-06-19 23:22:41   route_delay_window = 30
2014-06-19 23:22:41   route_delay_defined = DISABLED
2014-06-19 23:22:41   route_nopull = DISABLED
2014-06-19 23:22:41   route_gateway_via_dhcp = DISABLED
2014-06-19 23:22:41   allow_pull_fqdn = DISABLED
2014-06-19 23:22:41   [redirect_default_gateway local=0]
2014-06-19 23:22:41   management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-06-19 23:22:41   management_port = 'unix'
2014-06-19 23:22:41   management_user_pass = '[uNDEF]'
2014-06-19 23:22:41   management_log_history_cache = 250
2014-06-19 23:22:41   management_echo_buffer_size = 100
2014-06-19 23:22:41   management_write_peer_info_file = '[uNDEF]'
2014-06-19 23:22:41   management_client_user = '[uNDEF]'
2014-06-19 23:22:41   management_client_group = '[uNDEF]'
2014-06-19 23:22:41   management_flags = 4390
2014-06-19 23:22:41   shared_secret_file = '[uNDEF]'
2014-06-19 23:22:41   key_direction = 2
2014-06-19 23:22:41   ciphername_defined = ENABLED
2014-06-19 23:22:41   ciphername = 'AES-256-CBC'
2014-06-19 23:22:41   authname_defined = ENABLED
2014-06-19 23:22:41   authname = 'SHA1'
2014-06-19 23:22:41   prng_hash = 'SHA1'
2014-06-19 23:22:41   prng_nonce_secret_len = 16
2014-06-19 23:22:41   keysize = 0
2014-06-19 23:22:41   engine = DISABLED
2014-06-19 23:22:41   replay = ENABLED
2014-06-19 23:22:41   mute_replay_warnings = DISABLED
2014-06-19 23:22:41   replay_window = 64
2014-06-19 23:22:41   replay_time = 15
2014-06-19 23:22:41   packet_id_file = '[uNDEF]'
2014-06-19 23:22:41   use_iv = ENABLED
2014-06-19 23:22:41   test_crypto = DISABLED
2014-06-19 23:22:41   tls_server = DISABLED
2014-06-19 23:22:41   tls_client = ENABLED
2014-06-19 23:22:41   key_method = 2
2014-06-19 23:22:41   ca_file = '[[iNLINE]]'
2014-06-19 23:22:41   ca_path = '[uNDEF]'
2014-06-19 23:22:41   dh_file = '[uNDEF]'
2014-06-19 23:22:41   cert_file = '[[iNLINE]]'
2014-06-19 23:22:41   priv_key_file = '[[iNLINE]]'
2014-06-19 23:22:41   pkcs12_file = '[uNDEF]'
2014-06-19 23:22:41   cipher_list = '[uNDEF]'
2014-06-19 23:22:41   tls_verify = '[uNDEF]'
2014-06-19 23:22:41   tls_export_cert = '[uNDEF]'
2014-06-19 23:22:41   verify_x509_type = 0
2014-06-19 23:22:41   verify_x509_name = '[uNDEF]'
2014-06-19 23:22:41   crl_file = '[uNDEF]'
2014-06-19 23:22:41   ns_cert_type = 0
2014-06-19 23:22:41   remote_cert_ku = 160
2014-06-19 23:22:41   remote_cert_ku = 136
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_eku = 'TLS Web Server Authentication'
2014-06-19 23:22:41   ssl_flags = 0
2014-06-19 23:22:41   tls_timeout = 2
2014-06-19 23:22:41   renegotiate_bytes = 0
2014-06-19 23:22:41   renegotiate_packets = 0
2014-06-19 23:22:41   renegotiate_seconds = 3600
2014-06-19 23:22:41   handshake_window = 60
2014-06-19 23:22:41   transition_window = 3600
2014-06-19 23:22:41   single_session = DISABLED
2014-06-19 23:22:41   push_peer_info = DISABLED
2014-06-19 23:22:41   tls_exit = DISABLED
2014-06-19 23:22:41   tls_auth_file = '[[iNLINE]]'
2014-06-19 23:22:41   client = ENABLED
2014-06-19 23:22:41   pull = ENABLED
2014-06-19 23:22:41   auth_user_pass_file = '[uNDEF]'
2014-06-19 23:22:41 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [sSL (OpenSSL)] [LZO] [sNAPPY] [LZ4] [EPOLL] [MH] [iPv6] built on Mar 12 2014
2014-06-19 23:22:41 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-06-19 23:22:41 MANAGEMENT: CMD 'hold release'
2014-06-19 23:22:41 MANAGEMENT: CMD 'proxy NONE'
2014-06-19 23:22:41 MANAGEMENT: CMD 'bytecount 2'
2014-06-19 23:22:41 MANAGEMENT: CMD 'state on'
2014-06-19 23:22:41 Estado de la red: CONNECTED HSPA+ to mobile bam.entelpcs.cl
2014-06-19 23:22:42 Control Channel Authentication: tls-auth using INLINE static key file
2014-06-19 23:22:42 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-19 23:22:42 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-19 23:22:42 LZO compression initializing
2014-06-19 23:22:42 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
2014-06-19 23:22:42 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]
2014-06-19 23:22:42 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2014-06-19 23:22:42 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2014-06-19 23:22:42 Local Options hash (VER=V4): '9e7066d2'
2014-06-19 23:22:42 Expected Remote Options hash (VER=V4): '162b04de'
2014-06-19 23:22:42 TCP/UDP: Preserving recently used remote address: [AF_INET]199.21.149.44:53
2014-06-19 23:22:42 Socket Buffers: R=[163840->131072] S=[163840->131072]
2014-06-19 23:22:42 Protecting socket fd 4
2014-06-19 23:22:42 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-06-19 23:22:42 UDP link local: (not bound)
2014-06-19 23:22:42 UDP link remote: [AF_INET]199.21.149.44:53
2014-06-19 23:22:42 MANAGEMENT: >STATE:1403234562,WAIT,,,
2014-06-19 23:22:42 MANAGEMENT: >STATE:1403234562,AUTH,,,
2014-06-19 23:22:42 TLS: Initial packet from [AF_INET]199.21.149.44:53, sid=514a1a0d 9c192d64
2014-06-19 23:23:42 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-06-19 23:23:42 TLS Error: TLS handshake failed
2014-06-19 23:23:42 TCP/UDP: Closing socket
2014-06-19 23:23:42 SIGUSR1[soft,tls-error] received, process restarting
2014-06-19 23:23:42 MANAGEMENT: >STATE:1403234622,RECONNECTING,tls-error,,
2014-06-19 23:23:42 MANAGEMENT: CMD 'hold release'
2014-06-19 23:23:42 MANAGEMENT: CMD 'bytecount 2'
2014-06-19 23:23:42 MANAGEMENT: CMD 'state on'
2014-06-19 23:23:42 MANAGEMENT: CMD 'proxy NONE'
2014-06-19 23:23:43 Control Channel Authentication: tls-auth using INLINE static key file
2014-06-19 23:23:43 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-19 23:23:43 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-19 23:23:43 LZO compression initializing
2014-06-19 23:23:43 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
2014-06-19 23:23:43 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]
2014-06-19 23:23:43 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2014-06-19 23:23:43 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2014-06-19 23:23:43 Local Options hash (VER=V4): '9e7066d2'
2014-06-19 23:23:43 Expected Remote Options hash (VER=V4): '162b04de'
2014-06-19 23:23:43 TCP/UDP: Preserving recently used remote address: [AF_INET]199.21.149.44:53
2014-06-19 23:23:43 Socket Buffers: R=[163840->131072] S=[163840->131072]
2014-06-19 23:23:43 Protecting socket fd 4
2014-06-19 23:23:43 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-06-19 23:23:43 UDP link local: (not bound)
2014-06-19 23:23:43 UDP link remote: [AF_INET]199.21.149.44:53
2014-06-19 23:23:43 MANAGEMENT: >STATE:1403234623,WAIT,,,
2014-06-19 23:23:43 MANAGEMENT: >STATE:1403234623,AUTH,,,
2014-06-19 23:23:43 TLS: Initial packet from [AF_INET]199.21.149.44:53, sid=595d26f9 6811b8b9

 

 
I don't know what could be, pls help.

Share this post


Link to post

Tried to connect to earth.vpn.airdns.org via TCP/443, resolved to the same IP like you. Similar results.

2014-06-20 13:06:17 Modell GT-I8160 (montblanc) samsung, Android API 19, version 0.6.11, F-Droid built and signed version 
2014-06-20 13:06:19 Generiere OpenVPN Konfiguration… 
2014-06-20 13:06:22 started Socket Thread
[...]
2014-06-20 13:06:22 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Mar 20 2014
[...]
2014-06-20 13:07:52 Attempting to establish TCP connection with [AF_INET]199.21.149.44:443 [nonblock] 
2014-06-20 13:07:52 MANAGEMENT: >STATE:1403262472,TCP_CONNECT,,, 
2014-06-20 13:07:52 Protecting socket fd 4 
2014-06-20 13:07:52 MANAGEMENT: CMD 'needok 'PROTECTFD' ok' 
2014-06-20 13:08:02 TCP: connect to [AF_INET]199.21.149.44:443 failed: Connection timed out 
2014-06-20 13:08:02 SIGUSR1[connection failed(soft),init_instance] received, process restarting
[...]

Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP

Share this post


Link to post

I have been having a similar problem. I often get the error "Error Rendering Cert" and have to try a couple times before i finally connect on my android device. It didn't used to be like this, my guess is the openVPN software has a bug. I started noticing this ever since the last openVPN update.

 

The closest solution i found was this https://forums.openvpn.net/topic16162.html#p42681 but doesn't look like we can do the same.

 

I'm still trying to find a solution...

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...